10-12-2009 06:34 PM - edited 03-04-2019 06:20 AM
Dear All Expert,
I would like to ask all of you...
I already have a VPN connection from HQ to the branch (I mean it is working), but the branch cannot access the internet, so I would like to allow all the branch offices to access the internet from my HQ. But at my HQ I have another ASA for internet, so I don't know how to allow or route ....?
Please help me to solve this issue. Please kindly see the attached file.
Hope all of you reply to me soon :)
Best Regards,
10-13-2009 12:52 AM
Hello David,
The configuration of the ASA connecting to the internet has to be updated so that:
it knows that the remote site IP subnet(s) are reachable via 10.2.2.1.
This can be a static route using the interface where net 10.2.2.0 is defined
(inside or DMZ or other name)
AND
it provides NAT services for clients in the remote site IP subnet(s).
The ASA has to translate their source IP addresses to allow access to the public internet.
This should mean a change in an ACL that defines NAT or similar activity.
See
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1067863
Hope to help
Giuseppe
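The two changes described in the reply above, sketched for the internet-facing ASA in the pre-8.3 syntax of the linked ASA 7.2 guide. This is an added example, not configuration from the thread or its attachment: the interface names `inside` and `outside`, NAT ID 1, and every value in angle brackets are assumptions or placeholders, and only 10.2.2.1 comes from the post.

```cisco
! Added example. Placeholders in <...> must be replaced with real values.
! Assumed: net 10.2.2.0 sits on the interface named "inside",
! the internet link is on "outside", and dynamic PAT uses NAT ID 1.

! 1. Tell the internet ASA that the branch subnet is reached via 10.2.2.1
route inside <BRANCH_NET> <BRANCH_MASK> 10.2.2.1 1

! 2. Translate branch source addresses when they leave for the internet.
!    Match only the branch subnet so nothing else gains internet access.
nat (inside) 1 <BRANCH_NET> <BRANCH_MASK>
! Skip the next line if a global statement for NAT ID 1 already exists.
global (outside) 1 interface

! 3. Checks after applying the change
show route
show xlate
packet-tracer input inside tcp <BRANCH_HOST_IP> 1025 <PUBLIC_TEST_IP> 80
```

The `packet-tracer` output lists each processing phase (route lookup, NAT, access lists), which shows where a branch packet is dropped if the change is incomplete.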
10-13-2009 07:13 PM
Dear Giuseppe and Expert,
Thank you for your reply.
Could you help to edit my configuration in the attached file?
So, in the attached file the site-to-site VPN is working and the internet ASA is working also.
I would like you to help me as below:
1- At HQ, if the client is assigned gateway 10.2.2.2, the client can access the internet but cannot access the Branch by VPN?
2- The Branch cannot access the internet? (I mean the HQ provides Internet to the branch)
Best Regards,
Rechard
10-15-2009 05:26 PM
Dear All,
Do you have any update?
Best Regards,
Rechard